DETAILED ACTION

1. This is a non-Final Office Action in response to the applicant's communication filed on
January 17, 2007.

2. Claims 1-14 have been examined. 

3. Claims 1-14 are pending. 

Claim Objections 

4. Claim 13 is objected to because of the following informalities: Claim 20: line 13: recites, 
"security keys keys generated." One "keys" is not needed. Appropriate correction is required. 

5. Claims 8, 10, 11 and 14 are objected to because of the following informalities:

The term "Placebo keys" in claim 8, 10, 11, and 14 is used by the applicant in the claims
to mean "inactive or temporal keys", while the accepted meaning is: "a. A substance
containing no medication and prescribed or given to reinforce a patient's expectation to
get well. b. An inactive substance or preparation used as a control in an experiment or
test to determine the effectiveness of a medicinal drug. OR. Something of no intrinsic
remedial value that is used to appease or reassure another." American Heritage
Dictionary, 4th Edition. The term is indefinite because the specification does not clearly
redefine the term and the claims are rendered ambiguous. 
Appropriate correction is required. 
Specification

6. The disclosure is objected to because it contains an embedded hyperlink and/or other 
form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or 
other form of browser-executable code. See MPEP § 608.01. 

[Disclosure; 0022] More complete information may however be obtained from "Key
Management for Multicast: Issues and Architectures; D. Wallner, E. Hardner & R. Agee, 
available online at the website www.ietf.org/rfc/rfc2627.txt the contents of which are hereby 
incorporated by reference. 

Claim Rejections - 35 USC § 103

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

8. Claims 1-9 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lotspiech
et al. (hereinafter referred to as Lotspiech, US Pat. No.: 7,039,803), in view of Sudia et al. 
(hereinafter referred to as Sudia, US Pub No.: 2002/0029337). 

As per claim 1:

Lotspiech discloses a method of managing security keys generated from an ancestral
hierarchy and used to provide selective access to provision of a service, wherein invalidation of a
key necessitates reconfiguration of each other key within the hierarchy to the extent another key
and an invalidated key share common ancestry, the method comprising the steps of:

defining at least two groups of users of the service to whom keys have been issued
(column 3: lines 5-21; column 4: lines 37-60; column 6: lines 20-37);

issuing keys to users from domains within the hierarchy upon the basis of their grouping
(column 3: lines 11-20, lines 53-64; figure 4:36, 38; Column 7: lines 55-65).

Lotspiech does not explicitly disclose allocating within the hierarchy a distinct domain 
for each group of users. Sudia, in analogous art, however, teaches allocating within the 
hierarchy a distinct domain for each group of users (0046-0050). Therefore, it would have been 
obvious to a person having ordinary skill in the art at the time the invention was made to 
modify the method disclosed by Lotspiech to include allocating within the hierarchy a distinct 
domain for each group of users. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated to provide a system for securely 
using digital signatures in a commercial cryptographic system that allows industry-wide security 
policy and authorization information to be encoded into the signatures and certificates by 
employing attribute certificates to enforce policy and authorization requirements as suggested by 
Sudia in (0024). 



As per claim 2: 

Sudia discloses a method, wherein the at least two groups of users are defined upon the
basis of a predetermined policy which provides that users are grouped according to their 
perceived value to a provider of the service (0024; 0053; 0055). 

As per claim 3: 

Lotspiech discloses method, wherein a first user group having the highest perceived value
to the provider are allocated keys from a first domain, and wherein keys from the first domain
share fewer ancestors with keys from other domains than said keys from other domains share
with each other (Column 4: lines 37-50; column 10: lines 3-22).

As per claim 4: 

Lotspiech discloses method, wherein keys from the first domain share only one ancestor 
with said keys from other domains (column 4: lines 40-60).

As per claim 5: 

Lotspiech discloses method, wherein the ancestral hierarchy has a binary tree architecture 
(column 3: lines 15-22). 

Application/Control Number: 10/694,824
Art Unit: 2137

As per claim 6:

Sudia discloses a method, wherein the at least two groups of users are defined upon the
basis of a predetermined policy which provides that users are grouped according to a perceived
susceptibility of them ceasing to require the service, and a first user group having the highest
perceived susceptibility are allocated keys from a first domain, and wherein keys from the first
domain share fewer ancestors with keys from other domains than said keys from other domains
share with each other (0024; 0053; 0055; 0046-0050).

As per claim 7: 

Lotspiech discloses method, wherein keys from the first domain share only one ancestor 
with said keys from other domains (column 4: lines 40-60). 

As per claim 8: 

Sudia discloses a method, wherein varying levels of service are available and a group of 
users of a low-service level are allocated placebo keys providing no security, thereby to obviate a 
need to reconfigure other user's keys upon their invalidation (0090; 0138; 0139). 

As per claim 9: 

Sudia discloses a method, wherein the service is a dynamic service and its value is 
ephemeral and based upon its contemporaneous nature (0138; 0139). 

As per claim 13: 

Lotspiech discloses a computing entity adapted to manage distribution of security keys 
keys generated from an ancestral hierarchy and used to provide selective access to provision of a 
service, wherein invalidation of a key necessitates reconfiguration of each other key within the
hierarchy to the extent another key and an invalidated key share common ancestry, the entity
being adapted to: 

define at least two groups of users of the service to whom keys have been issued (column 
3: lines 5-21; column 4: lines 37-60; column 6: lines 20-37); 

issue keys to users from domains within the hierarchy upon the basis of their grouping 
(column 3: lines 11-20, lines 53-64; figure 4:36, 38; Column 7: lines 55-65).

Lotspiech does not explicitly disclose allocate within the hierarchy a distinct domain for 
each group of users. Sudia, in analogous art, however, teaches allocate within the hierarchy a 
distinct domain for each group of users (0046-0050). Therefore, it would have been obvious to 
a person having ordinary skill in the art at the time the invention was made to modify the 
method disclosed by Lotspiech to include allocate within the hierarchy a distinct domain for 
each group of users. This modification would have been obvious because a person having 
ordinary skill in the art would have been motivated to provide a system for securely using 
digital signatures in a commercial cryptographic system that allows industry-wide security policy 
and authorization information to be encoded into the signatures and certificates by employing 
attribute certificates to enforce policy and authorization requirements as suggested by Sudia in 
(0024). 

9. Claims 10-12 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sudia et
al. (hereinafter referred to as Sudia, US Pub No.: 2002/0029337) in view of Lotspiech et al. 
(hereinafter referred to as Lotspiech, US Pat. No.: 7,039,803). 

As per claim 10:

Sudia discloses a method of managing security key distribution to a plurality of users of a 
service comprising the steps of: 

defining levels of service provision (0014; 015; 0075); and 

allocating keys to users which are indicative to a service provider of the level of service 
to which they are entitled (Column 4: lines 37-50; column 10: lines 3-22).

Sudia does not explicitly disclose for at least one level of service provision allocating 
placebo keys which do not provide security for the provision of the services. Lotspiech, in 
analogous art, however, teaches for at least one level of service provision allocating placebo 
keys which do not provide security for the provision of the services (column 7: lines 15-25: 
short-lived key). Therefore, it would have been obvious to a person having ordinary skill in the 
art at the time the invention was made to modify the method disclosed by Sudia to include for 
at least one level of service provision allocating placebo keys which do not provide security for 
the provision of the services. This modification would have been obvious because a person 
having ordinary skill in the art would have been motivated to provide a grouping of users into 
(possibly overlapping) subsets of users, each subset having a unique, preferably long-lived subset 
key, and assigning each user respective private information as suggested by Sudia in (column 3: 
lines 10-20). 

As per claim 11: 

Sudia discloses a method, wherein the placebo keys operate in such a manner that a user
is not able to perceive a difference between a functioning security key and a placebo key 
(Column 4: lines 36-52: short and long lived key). 

As per claim 12: 

Sudia discloses a method, wherein the service is dynamic and its value is ephemeral and 
based upon its contemporaneous nature (Column 4: lines 36-52: short and long lived key). 

As per claim 14:

Sudia discloses a method of computing entity adapted to manage security key distribution 
to a plurality of users of a service by: 

defining levels of service provision (0014; 015; 0075); 

allocating keys to users which are indicative to a service provider of the level of service 
to which they are entitled (Column 4: lines 37-50; column 10: lines 3-22). 

Sudia does not explicitly disclose for at least one level of service provision allocating 
placebo keys which do not provide security for the provision of the services. Lotspiech, in 
analogous art, however, teaches for at least one level of service provision allocating placebo 
keys which do not provide security for the provision of the services (column 7: lines 15-25: 
short-lived key). Therefore, it would have been obvious to a person having ordinary skill in the 
art at the time the invention was made to modify the method disclosed by Sudia to include for 
at least one level of service provision allocating placebo keys which do not provide security for 
the provision of the services. This modification would have been obvious because a person
having ordinary skill in the art would have been motivated to provide a grouping of users into 
(possibly overlapping) subsets of users, each subset having a unique, preferably long-lived subset 
key, and assigning each user respective private information as suggested by Sudia in (column 3: 
lines 10-20). 

Conclusion 

10. The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure. 

See the notice of reference cited in form PTO-892 for additional prior art. 

Contact Information

11. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Techane J. Gergiso whose telephone number is (571) 272-3784 
and fax number is The examiner can normally be reached on 9:00am - 6:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization 
where this application or proceeding is assigned is 571-273-8300. 